Frozen Fido : RU.UNIX.BSD : Re: ipfw and keep-state

ru.unix.bsd

 
 - RU.UNIX.BSD ------------------------------------------------------------------
 From : Alex Bakhtin                         2:5020/400     23 Jul 2007  13:49:07
 To : Victor Sudakov
 Subject : Re: ipfw and keep-state
 --------------------------------------------------------------------------------

 >>>>> "VS" == Victor Sudakov writes:
 
 Привет,
 
  >> >> Вероятно при попытке установить соединение с хостом y.y.y.y нат заменяет 
  >> >> в исходящем пакете src_ip на некий публичный адрес, не входящий в подсеть
  >> >> x.x.x.x/27, поэтому правило 220 не срабатывает.
 
  VS> Так и есть. А как же теперь написать правило с keep-state, чтобы
  VS> учесть NAT?
 
  >> Используй не allow а skipto. Возможно, в сочетании с навешиванием
  >> тега. У меня оно сделано как-то так. Конфиг не полный и до конца не
  >> доработанный (нет времени), но практически все, что мне нужно -
  >> работает. До выхода релиза семерки трогать ничего не буду, скорее всего.
 
  VS> Посмотрел пример. Очень похоже на Basic двадцатилетней давности :(
  VS> Такая же неудобочитаемая мешанина из GOTO, в которой очень легко
  VS> запутаться и ошибиться.  Это упрёк, конечно, не тебе лично, а
  VS> дизайнерам ipfw.
 
      А что делать? Мне надо было слепить что-то с полиси-роутингом и natом
 на 2 канала. Уж что слепилось. Я, честно говоря, думал на предмет несколько
 лучше структурировать - но до этого не доходят руки, т.к. оно и так
 работает. Может быть, когда-нибудь...
 
  >> Два аплинка - через ng0 и ng1. Тег навешивается в целях
  >> connection-oriented полиси роутинга. Естественно, one pass выключено.
 
  VS> Hе совсем понял, при чём тут one pass. Он же на dummynet влияет, а
  VS> никаких pipe или queue я в твоём примере не нашёл.
 
      Hу, они у меня где-то были. Я, видимо, плохо читал доку и мне
 казалось, что это и на divert влияет. Hу, раз не влияет - значит хорошо:)
 
 -- 
 Best regards, Alex Bakhtin, CCIE #8439
 AMT Group, Cisco Systems Gold Partner, http://www.amt.ru
 --- ifmail v.2.15dev5.3
  * Origin: AMT Group (2:5020/400)

Вернуться к списку тем, сортированных по: возрастание даты уменьшение даты тема автор

Тема:	Автор:	Дата:
ipfw and keep-state	Victor Sudakov	19 Jul 2007 11:11:35
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:36:24
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:40:38
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 13:04:22
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:33:16
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 11:41:58
Re: ipfw and keep-state	Kirill Nuzhdin	19 Jul 2007 11:48:36
Re: ipfw and keep-state	Victor Sudakov	19 Jul 2007 12:48:41
ipfw and keep-state	Vadim Guchenko	19 Jul 2007 13:12:56
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:37:17
Re: ipfw and keep-state	Alex Bakhtin	20 Jul 2007 12:14:39
Re: ipfw and keep-state	Victor Sudakov	23 Jul 2007 09:05:40
Re: ipfw and keep-state	Vadim Goncharov	23 Jul 2007 10:26:49
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 10:31:35
Re: ipfw and keep-state	Andrew Filonov	24 Jul 2007 15:19:44
ipfw and keep-state	Andrew Alcheyev	24 Jul 2007 18:21:00
Re: ipfw and keep-state	Victor Sudakov	24 Jul 2007 18:53:55
Re: ipfw and keep-state	Vadim Goncharov	24 Jul 2007 20:27:52
Re: ipfw and keep-state	Victor Sudakov	25 Jul 2007 05:48:22
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 10:26:00
Re: ipfw and keep-state	Andrew Filonov	25 Jul 2007 09:07:35
ipfw and keep-state	Andrew Alcheyev	25 Jul 2007 12:12:00
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:25:57
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 13:12:01
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:18:11
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:42:35
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 09:30:59
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:33:40
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:08:52
ipfw and keep-state	Max Khon	31 Jul 2007 13:03:50
Re: ipfw and keep-state	Andrew Filonov	31 Jul 2007 11:53:51
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:41:35
ipfw and keep-state	Andrew Alcheyev	27 Jul 2007 12:53:00
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:08:04
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:32:56
Re: ipfw and keep-state	Alexey Kouznetsov	25 Jul 2007 12:12:40
Re: ipfw and keep-state	Vadim Goncharov	25 Jul 2007 15:39:29
Re: ipfw and keep-state	Alexey Kouznetsov	26 Jul 2007 11:36:20
Re: ipfw and keep-state	Vadim Goncharov	26 Jul 2007 16:26:06
Re: ipfw and keep-state	Andrew Filonov	26 Jul 2007 16:47:45
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:04
Re: ipfw and keep-state	Alex Bakhtin	23 Jul 2007 13:49:07
ipfw and keep-state	Vadim Guchenko	20 Jul 2007 14:00:51
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:15:44
ipfw and keep-state	Vadim Guchenko	23 Jul 2007 12:54:34
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 01:05:07
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 21:20:06
Re: ipfw and keep-state	Vadim Guchenko	28 Jul 2007 23:26:38
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:12
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:43:14
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:38:17
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:36:26
Re: ipfw and keep-state	Valentin Davydov	20 Jul 2007 12:32:43
Re: ipfw and keep-state	Vadim Goncharov	21 Jul 2007 16:57:52
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:56:47
ipfw and keep-state	Serge V.Panchenko	26 Jul 2007 17:13:27
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 09:08:21
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 09:18:57
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:09
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:24:45
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:10:38
Re: ipfw and keep-state	Andrew Filonov	27 Jul 2007 12:23:44
ipfw and keep-state	Alex Semenyaka	30 Jul 2007 04:00:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:56:45
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 09:38:31
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 11:31:33
Re: ipfw and keep-state	Andrew Filonov	30 Jul 2007 11:47:12
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 13:06:02
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:03:00
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 07:02:51
Re: ipfw and keep-state	Vadim Goncharov	28 Jul 2007 20:32:18
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:37:10
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 13:18:38
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:52
ipfw and keep-state	Leizer A. Karabin	31 Jul 2007 08:43:49
Re: ipfw and keep-state	Eugene Grosbein	31 Jul 2007 09:53:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 16:39:12
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 00:51:10
ipfw and keep-state	Alex Semenyaka	31 Jul 2007 21:05:30
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:56:16
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 09:58:18
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 09:45:02
Re: ipfw and keep-state	Eugene Grosbein	01 Aug 2007 14:47:26
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:34:54
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 11:27:21
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:12:40
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 08:40:54
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 10:25:26
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 12:06:28
Re: ipfw and keep-state	alexander lunyov	01 Aug 2007 14:38:04
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:35:22
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Ilya Kulagin	01 Aug 2007 14:09:10
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:37:56
Re: ipfw and keep-state	Valentin Davydov	01 Aug 2007 11:53:22
ipfw and keep-state	Alex Semenyaka	01 Aug 2007 20:26:42
Re: ipfw and keep-state	Valentin Nechayev	02 Aug 2007 12:20:39
Re: ipfw and keep-state	alexander lunyov	02 Aug 2007 14:08:47
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:13:38
ipfw and keep-state	Leizer A. Karabin	08 Aug 2007 15:33:43
Re: ipfw and keep-state	Valentin Davydov	02 Aug 2007 13:27:27
ipfw and keep-state	Alex Semenyaka	07 Aug 2007 02:15:26
ipfw and keep-state	Serge V.Panchenko	02 Aug 2007 17:07:08
Re: ipfw and keep-state	Eugene Grosbein	02 Aug 2007 20:51:54
Re: ipfw and keep-state	Vadim Goncharov	02 Aug 2007 22:26:42
Re: ipfw and keep-state	Victor Sudakov	03 Aug 2007 05:51:46
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:50:13
Re: ipfw and keep-state	Victor Sudakov	05 Aug 2007 09:48:21
Re: ipfw and keep-state	Vadim Goncharov	05 Aug 2007 18:04:53
ipfw and keep-state	Andrew Kant	04 Aug 2007 10:01:23
Re: ipfw and keep-state	Vadim Goncharov	04 Aug 2007 21:52:15
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 10:57:45
Re: ipfw and keep-state	Victor Sudakov	27 Jul 2007 12:11:39
Re: ipfw and keep-state	Valentin Davydov	27 Jul 2007 13:02:59
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 06:39:11
ipfw and keep-state	Alex Mogilnikov	30 Jul 2007 15:37:13
Re: ipfw and keep-state	Victor Sudakov	30 Jul 2007 14:34:21
ipfw and keep-state	Serge V.Panchenko	30 Jul 2007 20:27:01
ipfw and keep-state	Alex Mogilnikov	19 Jul 2007 20:19:07
Re: ipfw and keep-state	Vadim Goncharov	19 Jul 2007 19:51:46
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 06:51:48
Re: ipfw and keep-state	Vadim Goncharov	20 Jul 2007 11:48:00
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 09:34:09
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 09:43:45
Re: ipfw and keep-state	Andrew Filonov	20 Jul 2007 10:17:57
Re: ipfw and keep-state	Victor Sudakov	20 Jul 2007 11:14:12

Архивное /ru.unix.bsd/89064ce4e3a2.html, оценка 2 из 5, голосов 10